OASIS Mailing List Archives

dss-x message



Subject: RE: Fw: [dss-x] Visual Signatures profile



Hello,

The PDF signing scenario I have seen most interest in is:
-  Create a PDF document with predefined signature fields, each with their
associated label ("Employer", "Employee" etc.), in an automated process or
using the user interface of a PDF tool
-  Use a DSS-PDF service to certify the PDF document (applying a
Modification Detection and Prevention signature), to allow it to be signed
and annotated, but not substantially changed
-  Then, use a DSS-PDF to sign an indicated signature field.  

This could be handled without major extensions to DSS:
-  Applying the MDP signature could be the default operation, in the absence
of other optional inputs ("Seal this document"), triggered by the MIME type
of the document to be signed
-  To sign a named signature field, the name of the field could be added as
an optional input ("Put my signature in field <Name>")
 
I.e. the action of adding, deleting signature fields would not have to be
part of the core PDF related functionality.

Issues/comments:
-  A DSS client may not have any understanding of PDF.  It should be able to
issue a request like "Seal this document, unless it already has a valid
seal" 
-  A client should be able to send a PDF document and receive a list of all
signatures, signature fields and their status. The request would be
something like "Tell me who, if anyone, signed this document and validate
their signatures".  The response would be something like: 
"Document is sealed by <DSSserver>, the <Employer> field is signed by
<Signatory> and that signature is valid, the <Employee> field is not yet
signed"
-  PDF has limits on the number of signatures of certain types that can be
in a particular document (at most one MDP signature, at most two usage
rights signatures).  It should not be possible to put a signature in a field
that already has a signature in it, or to add a signature if the document
already contains a maximum number of signatures of that type.
-  It would be great if the operation of signing a named field would not
require the PDF document to be checked out from a document management
system, so that various signature fields can be signed in a parallel
workflow.  Perhaps this is more a tool design issue than a protocol issue. 
-  A server could link the name of a signature field to a role or to an
individual. When signing, the server could communicate with an access
control product, e.g. using XACML ("A requester claiming to be <Person>,
identity authenticated by <IdP> using a SAML assertion in the DSS request,
wants to sign this document as an <Employer>. Please check if <Person> is a
member of the <Employer> group"). 

Pim

-----Original Message-----
From: Andreas Kuehne [mailto:kuehne@trustable.de] 
Sent: 01 April 2008 13:45
To: lrosenth@adobe.com
Cc: dss-x@lists.oasis-open.org
Subject: RE: Fw: [dss-x] Visual Signatures profile


>  The first three items in your simple approach are fine - nothing  
> "problematic" there.
Hey, good start ;-)

>  The fourth, however, is the one that starts to introduce some  
> complexity.  In order to "lock down" a PDF after signing, you need  to 
> use what is called a "certifying signature" along with "MDP"
>  (modification, detection and prevention) rules.
>   Doing so, of course, will prevent any future signing -  which would 
> be problematic if the form really requires parallel  or sequential 
> sigs. However, MDP rights allow you to prevent all  changes EXCEPT 
> other signing - so perhaps that's the route to  consider...
Hmm, I'm not quite sure what you are talking about. I just meant that this
profile doesn't do anything more than filling out the signature field,
nothing fancy. No update of visible fields with e.g. signing time nor
inserting a gold shimmering 'seal' icon.

I don't intend to apply any right management functions regarding future
changes of the document. For me the signature is sufficient !

Greetings

Andreas

>
> -----Original Message-----
> From: Andreas Kuehne [mailto:kuehne@trustable.de]
> Sent: Tuesday, April 01, 2008 5:28 AM
> To: Leonard Rosenthol
> Cc: dss@lists.oasis-open.org
> Subject: Re: Fw: [dss-x] Visual Signatures profile
>
> Hi Leonard !
>
> Konrad said something very important yesterday :
>
> 'Think of requirements, not of existing solutions !'
>
> I hope I remember it correctly ... but it's true anyway. 2D barcodes 
> are funny stuff to impress my kids and colleagues, but our real use 
> case is
> : Mass signing of PDF invoice documents. That's not a tricky 
> requirement at all, but I just can't do it using DSS right now !
>
> So I would like to go for a signing profile for PDF documents starting 
> with the core's successful keep-it-simple approach in mind :
>
> - One signature at a time
> - Pre-configured signature field included in the document
> - DSS's signature placement enhanced to be a pointer into a PDF doc
> - No update of the PDF beyond the signature field
>
> Same for Verification. I have no experience with timestamps in PDFs, 
> maybe the simple signature approach will fit ??
>
> This would introduce a new profile with focus on PDF as a signature 
> container format, independent from the visual signature efforts. Does 
> this make sense to you ?
>
> More sophisticated profiles may aggregate this functionality, but 
> that's not my use case.
>
>
> Opinions welcome
>
> Andreas
>
>

___________________________________________________
Andreas Kühne
phone: +49 177 293 24 97
mailto: kuehne@trustable.de


Trustable Ltd.
Niederlassung Deutschland
Ströverstr. 18 - 59427 Unna
Amtsgericht Hamm HRB 5868

Directors
Andreas Kühne
Heiko Veit

Company UK
Company No: 5218868
Registered in England and Wales
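
The precondition checks and status report listed in the first message of this thread, modelled as an added example (not code from the thread or from any DSS implementation). The `SigField` inventory, the function names and the sample data are assumptions made up for illustration; a real service would build the inventory by parsing the PDF.

```python
from dataclasses import dataclass
from typing import Optional

# Per-document limits quoted in the message: at most one MDP signature,
# at most two usage rights signatures. Other types are not capped here.
MAX_PER_TYPE = {"mdp": 1, "usage_rights": 2}

@dataclass
class SigField:                      # hypothetical inventory record
    name: str                        # field label, e.g. "Employer"
    sig_type: Optional[str] = None   # type of the signature present, if any
    signer: Optional[str] = None     # None means the field is still empty
    valid: Optional[bool] = None     # validation result, if signed

def status_report(fields):
    """Answer 'who, if anyone, signed this document' for each field."""
    report = {}
    for f in fields:
        if f.signer is None:
            report[f.name] = "not yet signed"
        else:
            verdict = "valid" if f.valid else "INVALID"
            report[f.name] = f"signed by {f.signer}, {verdict}"
    return report

def can_sign(fields, field_name, sig_type="approval"):
    """Return (allowed, reason) for a request to sign a named field."""
    target = next((f for f in fields if f.name == field_name), None)
    if target is None:
        return False, "no such signature field"
    if target.signer is not None:
        return False, "field already contains a signature"
    limit = MAX_PER_TYPE.get(sig_type)
    present = sum(1 for f in fields
                  if f.signer is not None and f.sig_type == sig_type)
    if limit is not None and present >= limit:
        return False, f"document already has {limit} {sig_type} signature(s)"
    return True, "ok"

def seal_needed(fields):
    """'Seal this document, unless it already has a valid seal.'"""
    return not any(f.sig_type == "mdp" and f.signer and f.valid for f in fields)

# Constructed sample inventory (not parsed from a real PDF).
SAMPLE = [
    SigField("Seal", "mdp", "DSSserver", True),
    SigField("Employer", "approval", "Signatory", True),
    SigField("Employee"),
]
```

Because the server evaluates these checks against the document's current state, a client with no understanding of PDF only needs to interpret the returned reason.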
